Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:


Injecting Malicious Code Into HTML5-Based Apps


Scanning 2D barcodes, finding free Wi-Fi access points, sending SMS messages, listening to music, and watching MP4 videos: these are very common activities that we do using our smartphones.

Can you imagine that simply doing these things can get your smarphones infected with "worms" that can not only steal personal information from your phone, but also infect your friends's phones.

Sound scary? It will not be long before worms like this spread among smartphones. What makes the attacks feasible is an emerging technology called HTML5-based app development, and it has been rapidly gaining popularity in the mobile industry.

When the adoption of this technology reaches certain threshold, attacks like this will become quite common, unless we do something to stop it. A recent Gartner report says that by 2016, fifty percent of the mobile apps will be using HTML5-based technologies.

What platforms are affected?

All major mobile systems will be affected, including Android, iOS, Blackberry, Windows Phone, etc., because they all support HTML5-based mobile apps.

A notorious problem of the HTML5-based technology is that malicious code can be easily injected into the program and get executed. That is why the Cross-Site Scripting (XSS) attack is still one of the most common attacks in the Web.

XSS attacks can only target at web applications through a single channel (i.e. the Internet), but with the adoption of the same technology in mobile devices, we have found out that a similar type of attack can not only be launched against mobile apps, it can attack from many channels, including 2D barcode, Wi-Fi scanning, Bluetooth pairing, MP3 songs, MP4 videos, SMS messages, NFC tags, Contact list, etc. As long as an HTML5-based app displays information obtained from outside or from anohter app, it may be a potential victim.

Chris Hittinger | EurekAlert!
Further information:

More articles from Information Technology:

nachricht Theoretical computer science provides answers to data privacy problem
08.10.2015 | National Science Foundation

nachricht IP-cores for real-time signal processing in digital communication systems
07.10.2015 | Fraunhofer-Institut für Nachrichtentechnik Heinrich-Hertz-Institut

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Kick-off for a new era of precision astronomy

The MICADO camera, a first light instrument for the European Extremely Large Telescope (E-ELT), has entered a new phase in the project: by agreeing to a Memorandum of Understanding, the partners in Germany, France, the Netherlands, Austria, and Italy, have all confirmed their participation. Following this milestone, the project's transition into its preliminary design phase was approved at a kick-off meeting held in Vienna. Two weeks earlier, on September 18, the consortium and the European Southern Observatory (ESO), which is building the telescope, have signed the corresponding collaboration agreement.

As the first dedicated camera for the E-ELT, MICADO will equip the giant telescope with a capability for diffraction-limited imaging at near-infrared...

Im Focus: Locusts at the wheel: University of Graz investigates collision detector inspired by insect eyes

Self-driving cars will be on our streets in the foreseeable future. In Graz, research is currently dedicated to an innovative driver assistance system that takes over control if there is a danger of collision. It was nature that inspired Dr Manfred Hartbauer from the Institute of Zoology at the University of Graz: in dangerous traffic situations, migratory locusts react around ten times faster than humans. Working together with an interdisciplinary team, Hartbauer is investigating an affordable collision detector that is equipped with artificial locust eyes and can recognise potential crashes in time, during both day and night.

Inspired by insects

Im Focus: Physicists shrink particle accelerator

Prototype demonstrates feasibility of building terahertz accelerators

An interdisciplinary team of researchers has built the first prototype of a miniature particle accelerator that uses terahertz radiation instead of radio...

Im Focus: Simple detection of magnetic skyrmions

New physical effect: researchers discover a change of electrical resistance in magnetic whirls

At present, tiny magnetic whirls – so called skyrmions – are discussed as promising candidates for bits in future robust and compact data storage devices. At...

Im Focus: High-speed march through a layer of graphene

In cooperation with the Center for Nano-Optics of Georgia State University in Atlanta (USA), scientists of the Laboratory for Attosecond Physics of the Max Planck Institute of Quantum Optics and the Ludwig-Maximilians-Universität have made simulations of the processes that happen when a layer of carbon atoms is irradiated with strong laser light.

Electrons hit by strong laser pulses change their location on ultrashort timescales, i.e. within a couple of attoseconds (1 as = 10 to the minus 18 sec). In...

All Focus news of the innovation-report >>>



Event News

EHFG 2015: Securing healthcare and sustainably strengthening healthcare systems

01.10.2015 | Event News

Conference in Brussels: Tracking and Tracing the Smallest Marine Life Forms

30.09.2015 | Event News

World Alzheimer`s Day – Professor Willnow: Clearer Insights into the Development of the Disease

17.09.2015 | Event News

Latest News

NASA provides an infrared look at Hurricane Joaquin over time

08.10.2015 | Earth Sciences

Theoretical computer science provides answers to data privacy problem

08.10.2015 | Information Technology

Stellar desk in wave-like motion

08.10.2015 | Physics and Astronomy

More VideoLinks >>>